package SV_XSS_DB;

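public class Example {
    /**
     * Looks up the stored comment for {@code user} in the {@code comms} table and
     * writes it to the servlet response as {@code "Comments: <comment>"}.
     *
     * <p>The comment is data read back from the database and is treated as
     * untrusted: it is HTML-escaped before being written, so markup stored in the
     * row is rendered as text instead of being interpreted by the browser.
     *
     * <p>Only the first row returned by the query is used. If no row matches, or
     * the {@code comment} column is SQL NULL, an empty comment is printed.
     *
     * @param conn open JDBC connection; not closed by this method
     * @param out  servlet response stream to write to; not closed by this method
     * @param user value bound to the {@code user} column of the query
     * @throws SQLException if preparing or executing the query, or reading the result, fails
     * @throws IOException  if writing to {@code out} fails
     */
    protected void printComment(Connection conn, ServletOutputStream out, String user) throws SQLException, IOException {
        // try-with-resources releases the statement and its result set on every path,
        // including when the write to the response fails.
        try (PreparedStatement pr = conn.prepareStatement("SELECT * FROM comms WHERE user = ?")) {
            // JDBC parameter indices start at 1; index 0 is rejected with an SQLException.
            pr.setString(1, user);
            // Fully qualified so the block needs no additional file-level import.
            try (java.sql.ResultSet rs = pr.executeQuery()) {
                // A fresh ResultSet is positioned before the first row; next() must
                // succeed before any column can be read.
                String comment = rs.next() ? rs.getString("comment") : null;
                out.println("Comments: " + escapeHtml(comment));
            }
        }
    }

    /**
     * Escapes the characters that are significant in HTML element content and in
     * quoted attribute values. This encoding is not sufficient for other output
     * contexts (script blocks, URLs, CSS), which need their own encoders.
     *
     * @param text raw text, may be {@code null}
     * @return the escaped text, or an empty string when {@code text} is {@code null}
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}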
